name: Publish Kata release artifacts on: push: tags: - '[0-9]+.[0-9]+.[0-9]+*' concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: build-and-push-assets-amd64: uses: ./.github/workflows/release-amd64.yaml with: target-arch: amd64 secrets: inherit build-and-push-assets-arm64: uses: ./.github/workflows/release-arm64.yaml with: target-arch: arm64 secrets: inherit build-and-push-assets-s390x: uses: ./.github/workflows/release-s390x.yaml with: target-arch: s390x secrets: inherit publish-multi-arch-images: runs-on: ubuntu-latest needs: [build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x] steps: - name: Checkout repository uses: actions/checkout@v4 - name: Login to Kata Containers docker.io uses: docker/login-action@v2 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Kata Containers quay.io uses: docker/login-action@v2 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - name: Push multi-arch manifest run: | # tag the container image we created and push to DockerHub tag=$(echo $GITHUB_REF | cut -d/ -f3-) tags=($tag) tags+=($([[ "$tag" =~ "alpha"|"rc" ]] && echo "latest" || echo "stable")) # push to quay.io and docker.io for tag in ${tags[@]}; do docker manifest create quay.io/kata-containers/kata-deploy:${tag} \ --amend quay.io/kata-containers/kata-deploy:${tag}-amd64 \ --amend quay.io/kata-containers/kata-deploy:${tag}-arm64 \ --amend quay.io/kata-containers/kata-deploy:${tag}-s390x docker manifest create docker.io/katadocker/kata-deploy:${tag} \ --amend docker.io/katadocker/kata-deploy:${tag}-amd64 \ --amend docker.io/katadocker/kata-deploy:${tag}-arm64 \ --amend docker.io/katadocker/kata-deploy:${tag}-s390x docker manifest push quay.io/kata-containers/kata-deploy:${tag} docker manifest push docker.io/katadocker/kata-deploy:${tag} done upload-multi-arch-static-tarball: needs: publish-multi-arch-images runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: download-artifacts-amd64 uses: actions/download-artifact@v3 with: name: kata-static-tarball-amd64 - name: push amd64 static tarball to github run: | tag=$(echo $GITHUB_REF | cut -d/ -f3-) tarball="kata-static-$tag-amd64.tar.xz" mv kata-static.tar.xz "$GITHUB_WORKSPACE/${tarball}" pushd $GITHUB_WORKSPACE echo "uploading asset '${tarball}' for tag: ${tag}" GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} gh release upload "${tag}" "${tarball}" popd - name: download-artifacts-arm64 uses: actions/download-artifact@v3 with: name: kata-static-tarball-arm64 - name: push arm64 static tarball to github run: | tag=$(echo $GITHUB_REF | cut -d/ -f3-) tarball="kata-static-$tag-arm64.tar.xz" mv kata-static.tar.xz "$GITHUB_WORKSPACE/${tarball}" pushd $GITHUB_WORKSPACE echo "uploading asset '${tarball}' for tag: ${tag}" GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} gh release upload "${tag}" "${tarball}" popd - name: download-artifacts-s390x uses: actions/download-artifact@v3 with: name: kata-static-tarball-s390x - name: push s390x static tarball to github run: | tag=$(echo $GITHUB_REF | cut -d/ -f3-) tarball="kata-static-$tag-s390x.tar.xz" mv kata-static.tar.xz "$GITHUB_WORKSPACE/${tarball}" pushd $GITHUB_WORKSPACE echo "uploading asset '${tarball}' for tag: ${tag}" GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} gh release upload "${tag}" "${tarball}" popd upload-versions-yaml: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: upload versions.yaml env: GITHUB_TOKEN: ${{ secrets.GIT_UPLOAD_TOKEN }} run: | tag=$(echo $GITHUB_REF | cut -d/ -f3-) pushd $GITHUB_WORKSPACE versions_file="kata-containers-$tag-versions.yaml" cp versions.yaml ${versions_file} gh release upload "${tag}" "${versions_file}" popd upload-cargo-vendored-tarball: needs: upload-multi-arch-static-tarball runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: generate-and-upload-tarball run: | tag=$(echo $GITHUB_REF | cut -d/ -f3-) tarball="kata-containers-$tag-vendor.tar.gz" pushd $GITHUB_WORKSPACE bash -c "tools/packaging/release/generate_vendor.sh ${tarball}" GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} gh release upload "${tag}" "${tarball}" popd upload-libseccomp-tarball: needs: upload-cargo-vendored-tarball runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: download-and-upload-tarball env: GITHUB_TOKEN: ${{ secrets.GIT_UPLOAD_TOKEN }} GOPATH: ${HOME}/go run: | pushd $GITHUB_WORKSPACE ./ci/install_yq.sh tag=$(echo $GITHUB_REF | cut -d/ -f3-) versions_yaml="versions.yaml" version=$(${GOPATH}/bin/yq read ${versions_yaml} "externals.libseccomp.version") repo_url=$(${GOPATH}/bin/yq read ${versions_yaml} "externals.libseccomp.url") download_url="${repo_url}/releases/download/v${version}" tarball="libseccomp-${version}.tar.gz" asc="${tarball}.asc" curl -sSLO "${download_url}/${tarball}" curl -sSLO "${download_url}/${asc}" gh release upload "${tag}" "${tarball}" gh release upload "${tag}" "${asc}" popd